X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=moonshot%2Fmech_eap%2FgssapiP_eap.h;h=c0fd894f5e58a32dbbc5e773b7bd1637933c41d8;hb=39993e152d857caecc4973bd205f07221f75a8ce;hp=d1d6bce181d8fec7d1cde2e3da443a208b4e7e3d;hpb=a9bf34aa6f6cf8d8ab975989ae5103798d7e3e75;p=moonshot.git diff --git a/moonshot/mech_eap/gssapiP_eap.h b/moonshot/mech_eap/gssapiP_eap.h index d1d6bce..c0fd894 100644 --- a/moonshot/mech_eap/gssapiP_eap.h +++ b/moonshot/mech_eap/gssapiP_eap.h @@ -42,11 +42,26 @@ #include #include #include +#ifdef HAVE_UNISTD_H #include +#endif +#ifdef HAVE_STDLIB_H #include +#endif +#ifdef HAVE_STDARG_H #include +#endif #include +#ifdef HAVE_SYS_PARAM_H #include +#endif + +#ifdef WIN32 +#ifndef MAXHOSTNAMELEN +# include +# define MAXHOSTNAMELEN NI_MAXHOST +#endif +#endif /* GSS headers */ #include @@ -58,10 +73,15 @@ typedef struct gss_any *gss_any_t; #endif #include "gssapi_eap.h" +#ifndef HAVE_GSS_INQUIRE_ATTRS_FOR_MECH +typedef const gss_OID_desc *gss_const_OID; +#endif + /* Kerberos headers */ #include /* EAP headers */ +#include #include #include #include @@ -70,6 +90,7 @@ typedef struct gss_any *gss_any_t; #include /* FreeRADIUS headers */ +#ifdef GSSEAP_ENABLE_ACCEPTOR #ifdef __cplusplus extern "C" { #define operator fr_operator @@ -82,6 +103,7 @@ extern "C" { #undef operator } #endif +#endif /* GSSEAP_ENABLE_ACCEPTOR */ #include "gsseap_err.h" #include "radsec_err.h" 
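Review bot: In the `@@ -58` hunk the `gss_const_OID` typedef is guarded by `HAVE_GSS_INQUIRE_ATTRS_FOR_MECH`, a probe for an unrelated function, so a GSS-API library that ships one without the other will either hit a duplicate typedef or a missing type. A configure check for the type itself would be the robust guard, e.g. `#ifndef HAVE_GSS_CONST_OID` (constructed name, to be added to the build's feature tests) with a comment `/* older GSS-API headers lack gss_const_OID */`. In the `@@ -42` hunk, `MAXHOSTNAMELEN` is defined as `NI_MAXHOST` on WIN32, which is presumably larger than the BSD value; any buffer sized with it that is later copied or compared with a fixed length should be rechecked, since that assumption may differ on that platform. The acceptor guard added across the `@@ -70` and `@@ -82` hunks leaves `radsec_err.h` included unconditionally, which appears intentional since `IS_RADIUS_ERROR` later relies on it, but a short comment there would prevent someone from moving it inside the guard.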
@@ -109,14 +131,16 @@ struct gss_name_struct OM_uint32 flags; gss_OID mechanismUsed; /* this is immutable */ krb5_principal krbPrincipal; /* this is immutable */ +#ifdef GSSEAP_ENABLE_ACCEPTOR struct gss_eap_attr_ctx *attrCtx; +#endif }; #define CRED_FLAG_INITIATE 0x00010000 #define CRED_FLAG_ACCEPT 0x00020000 -#define CRED_FLAG_DEFAULT_IDENTITY 0x00040000 -#define CRED_FLAG_PASSWORD 0x00080000 -#define CRED_FLAG_DEFAULT_CCACHE 0x00100000 +#define CRED_FLAG_PASSWORD 0x00040000 +#define CRED_FLAG_DEFAULT_CCACHE 0x00080000 +#define CRED_FLAG_RESOLVED 0x00100000 #define CRED_FLAG_PUBLIC_MASK 0x0000FFFF #ifdef HAVE_HEIMDAL_VERSION @@ -128,11 +152,15 @@ struct gss_cred_id_struct GSSEAP_MUTEX mutex; OM_uint32 flags; gss_name_t name; + gss_name_t target; /* for initiator */ gss_buffer_desc password; gss_OID_set mechanisms; time_t expiryTime; - char *radiusConfigFile; - char *radiusConfigStanza; + gss_buffer_desc radiusConfigFile; + gss_buffer_desc radiusConfigStanza; + gss_buffer_desc caCertificate; + gss_buffer_desc subjectNameConstraint; + gss_buffer_desc subjectAltNameConstraint; #ifdef GSSEAP_ENABLE_REAUTH krb5_ccache krbCredCache; gss_cred_id_t reauthCred; @@ -165,6 +193,7 @@ struct gss_eap_initiator_ctx { struct wpabuf reqData; }; +#ifdef GSSEAP_ENABLE_ACCEPTOR struct gss_eap_acceptor_ctx { struct rs_context *radContext; struct rs_connection *radConn; @@ -172,6 +201,7 @@ struct gss_eap_acceptor_ctx { gss_buffer_desc state; VALUE_PAIR *vps; }; +#endif #ifdef HAVE_HEIMDAL_VERSION struct gss_ctx_id_t_desc_struct 
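Review bot: In the `@@ -128` hunk `radiusConfigFile` and `radiusConfigStanza` change from `char *` to `gss_buffer_desc`, and three more `gss_buffer_desc` members (`caCertificate`, `subjectNameConstraint`, `subjectAltNameConstraint`) are added, yet nothing states whether `value` is NUL-terminated; a `gss_buffer_desc` carries no such guarantee, so any consumer that hands `.value` to a C-string API (file paths, stanza names) needs a terminated copy unless the setters promise one. A comment on the members would pin the contract, e.g. `/* owned by this cred; the release path must free all five buffers. NOTE(review): confirm whether value is NUL-terminated before passing it to C-string APIs */`. The `@@ -109` hunk also renumbers the existing private `CRED_FLAG_*` bits; that is fine for in-process use of a private header, but if cred flags are ever serialized anywhere the old values would need a compatibility check, which cannot be judged from here. `struct gss_cred_id_struct` begins before the `@@ -128` hunk.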
@@ -192,17 +222,21 @@ struct gss_ctx_id_struct time_t expiryTime; uint64_t sendSeq, recvSeq; void *seqState; - gss_cred_id_t defaultCred; + gss_cred_id_t cred; union { struct gss_eap_initiator_ctx initiator; #define initiatorCtx ctxU.initiator +#ifdef GSSEAP_ENABLE_ACCEPTOR struct gss_eap_acceptor_ctx acceptor; #define acceptorCtx ctxU.acceptor +#endif #ifdef GSSEAP_ENABLE_REAUTH gss_ctx_id_t reauth; #define reauthCtx ctxU.reauth #endif } ctxU; + const struct gss_eap_token_buffer_set *inputTokens; + const struct gss_eap_token_buffer_set *outputTokens; }; #define TOK_FLAG_SENDER_IS_ACCEPTOR 0x01 @@ -214,6 +248,36 @@ struct gss_ctx_id_struct #define KEY_USAGE_INITIATOR_SEAL 24 #define KEY_USAGE_INITIATOR_SIGN 25 +/* accept_sec_context.c */ +OM_uint32 +gssEapAcceptSecContext(OM_uint32 *minor, + gss_ctx_id_t ctx, + gss_cred_id_t cred, + gss_buffer_t input_token, + gss_channel_bindings_t input_chan_bindings, + gss_name_t *src_name, + gss_OID *mech_type, + gss_buffer_t output_token, + OM_uint32 *ret_flags, + OM_uint32 *time_rec, + gss_cred_id_t *delegated_cred_handle); + +/* init_sec_context.c */ +OM_uint32 +gssEapInitSecContext(OM_uint32 *minor, + gss_cred_id_t cred, + gss_ctx_id_t ctx, + gss_name_t target_name, + gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + gss_channel_bindings_t input_chan_bindings, + gss_buffer_t input_token, + gss_OID *actual_mech_type, + gss_buffer_t output_token, + OM_uint32 *ret_flags, + OM_uint32 *time_rec); + /* wrap_iov.c */ OM_uint32 gssEapWrapOrGetMIC(OM_uint32 *minor, 
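Review bot: `inputTokens` and `outputTokens` are `const struct gss_eap_token_buffer_set *` stored in the long-lived context, but the hunk gives no ownership or lifetime rule; if they point at per-call buffer sets (which the `const` and the naming suggest, though that is inferred), they dangle once the call returns unless the call path clears them. Suggest documenting this at the declaration, e.g. `/* borrowed pointers to the current call's token buffer sets; valid only while gssEapInitSecContext/gssEapAcceptSecContext runs and must be reset to NULL on exit — TODO confirm */`. Likewise `defaultCred` becomes `cred`; whether the context now holds a counted reference that its release path must drop is not visible in this hunk and deserves a one-line comment. `struct gss_ctx_id_struct` starts before this hunk.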
@@ -257,9 +321,18 @@ rfc4121Flags(gss_ctx_id_t ctx, int receiving); void gssEapSaveStatusInfo(OM_uint32 minor, const char *format, ...); +OM_uint32 +gssEapDisplayStatus(OM_uint32 *minor, + OM_uint32 status_value, + gss_buffer_t status_string); + #define IS_WIRE_ERROR(err) ((err) > GSSEAP_RESERVED && \ (err) <= GSSEAP_RADIUS_PROT_FAILURE) +/* upper bound of RADIUS error range must be kept in sync with radsec.h */ +#define IS_RADIUS_ERROR(err) ((err) >= ERROR_TABLE_BASE_rse && \ + (err) <= ERROR_TABLE_BASE_rse + 20) + /* export_sec_context.c */ OM_uint32 gssEapExportSecContext(OM_uint32 *minor, @@ -267,6 +340,13 @@ gssEapExportSecContext(OM_uint32 *minor, gss_buffer_t token); +/* eap_mech.c */ +void +gssEapInitiatorInit(void); + +void +gssEapFinalize(void); + #ifdef __cplusplus } #endif
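Review bot: `IS_RADIUS_ERROR` compares an `OM_uint32` status with `ERROR_TABLE_BASE_rse`, and com_err table bases are conventionally `long` constants that may be negative; on an LP64 build the unsigned status converts to `long`, so `(err) >= ERROR_TABLE_BASE_rse` would always be true and `(err) <= ERROR_TABLE_BASE_rse + 20` always false, and no status would ever be classified as a RADIUS error (on ILP32 the base converts to a large unsigned value instead; the outcome depends on the base's sign, which is not visible here). A single unsigned range check avoids both conversions: `#define IS_RADIUS_ERROR(err) ((OM_uint32)(err) - (OM_uint32)ERROR_TABLE_BASE_rse <= 20U)`. The hard-coded `20` that the comment says must be kept in sync with radsec.h would be safer expressed in terms of the last error symbol the generated `radsec_err.h` emits, or pinned with a static assertion, so the table can grow without silently narrowing the range. The pre-existing `IS_WIRE_ERROR` above has the same signed/unsigned shape and presumably the same caveat.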